From dc86eb2bf2188a495a994b4e828959caf0e58563 Mon Sep 17 00:00:00 2001
From: JosueDev-afk
Date: Mon, 1 Jun 2026 22:40:59 -0600
Subject: [PATCH] ci: use ssh-agent with dedicated deploy key (no passphrase)

---
 .gitea/workflows/deploy-qa.yml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/.gitea/workflows/deploy-qa.yml b/.gitea/workflows/deploy-qa.yml
index 49b68a7..c161716 100644
--- a/.gitea/workflows/deploy-qa.yml
+++ b/.gitea/workflows/deploy-qa.yml
@@ -59,17 +59,13 @@ jobs:
 set -euo pipefail
 IMAGE_TAG="${{ needs.build-and-push.outputs.image_tag }}"
 
- echo "${{ secrets.DEPLOY_SSH_KEY_B64 }}" | base64 -d > /tmp/deploy_key
- chmod 600 /tmp/deploy_key
- echo "${{ secrets.DEPLOY_PASSPHRASE }}" > /tmp/passphrase
-
- sudo apt-get update -qq && sudo apt-get install -y -qq sshpass
+ eval $(ssh-agent -s)
+ echo "${{ secrets.DEPLOY_SSH_KEY }}" | ssh-add -
+
 mkdir -p ~/.ssh
 ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
 
- sshpass -f /tmp/passphrase ssh -i /tmp/deploy_key \
- -o StrictHostKeyChecking=no \
- ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
+ ssh ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
 -e REGISTRY_URL=${{ env.REGISTRY_URL }} \
 -e IMAGE_NAME=${{ env.IMAGE_NAME }} \
 -e IMAGE_TAG=${IMAGE_TAG} \
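Review bot: With `-o StrictHostKeyChecking=no` removed, host authentication for the new `ssh` call rests entirely on the retained `ssh-keyscan -H ... >> ~/.ssh/known_hosts` line, which fetches the key over the same network path at deploy time and therefore trusts whatever answers as DEPLOY_HOST on that run. Pin the server's host key instead, for example `echo "${{ secrets.DEPLOY_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts`, where the secret name is a placeholder for an entry recorded out of band. The agent started by `eval $(ssh-agent -s)` is also never stopped, so on a runner that outlives the job the unencrypted key may stay loaded; adding `trap 'ssh-agent -k >/dev/null' EXIT` right after the `eval` would clear it. Because the key no longer has a passphrase, it is worth limiting it in the target's `authorized_keys` (`restrict` plus a forced `command=`), which this hunk cannot show. The `ssh` command continues past the end of the hunk.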